CVE-2021-46966

2024-02-2700:00:00

ubuntu.com

linux kernel

acpi

use-after-free

vulnerability

fix

cm_write

AI Score

6.8

Confidence

High

EPSS

Percentile

13.0%

JSON

In the Linux kernel, the following vulnerability has been resolved: ACPI:
custom_method: fix potential use-after-free issue In cm_write(), buf is
always freed when reaching the end of the function. If the requested count
is less than table.length, the allocated buffer will be freed but
subsequent calls to cm_write() will still try to access it. Remove the
unconditional kfree(buf) at the end of the function and set the buf to NULL
in the -EINVAL error path to match the rest of function.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< 5.4.0-77.86UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-253.287UNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1051.53UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1130.136UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1168.183UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< anyUNKNOWN
ubuntu16.04noarchlinux-aws-hwe< 4.15.0-1109.116~16.04.1UNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1051.53UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-77.86	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-253.287	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1051.53	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1130.136	UNKNOWN
ubuntu	16.04	noarch	linux-aws	< 4.4.0-1168.183	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< any	UNKNOWN
ubuntu	16.04	noarch	linux-aws-hwe	< 4.15.0-1109.116~16.04.1	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< 5.4.0-1051.53	UNKNOWN